We start this post where we left off in the first one: we are now moving into the analysis phase, having parsed the memory dump with Volatility and the Vshot script included in Remnux. The current script version, 4.01, runs 44 plugins against the memory dump. Let's have a quick look at the plugins … Continue reading Memory Forensics with Vshot and Remnux (rogue process identification, 2)
I originally retweeted this information from my account; I often do so with information I want to read but cannot read at the time I find it. When I first skimmed through it, what caught my attention was the fact that the organization, in this case PagerDuty, was disclosing its internal Incident Response processes. … Continue reading Exploring incident response procedures with PagerDuty.
This is an 11-page white paper that goes through the current challenges researchers face in attributing cyber attacks. It covers the current techniques, such as: timestamps; strings, debug and metadata; malware families and code reuse; the threat infrastructure used. It also presents some of the most advanced APTs and their potential origin and techniques believed … Continue reading Paper: Wave your false flags! Deception tactics muddying attribution in targeted attacks
Threat Hunting and training such as GCFA are proving beneficial in lowering internal detection time and dwell time. Not long ago we were discussing how long internal detection was taking and the average dwell time, but this is currently changing. Rob Lee and the SANS Institute, in their GCFA update, … Continue reading The right ingredients for Threat Hunting
During a quick break this weekend I had a chance to read this new paper developed by NATO to explain and train special forces in the art of digital intelligence and evidence collection. It is clear from this publication how rapidly the world around us is transforming; special forces from now on will be trained … Continue reading Battlefield Digital Forensics
A couple of days ago I was recommended these two documentaries; they are short but concise, and they show how cyber criminality is on the rise. In the first documentary they explain how Romania, as a result of its history, is seeing a surge in cyber criminal activity. It is an excellent testimony from some … Continue reading The Most Dangerous Town on the Internet
In this third post we are going to see what we need to look at when hunting for and detecting adversaries at the perimeter. We are also going to look at some firewall technologies and their log formats in order to detect anomalies in the inbound and outbound traffic of your network. … Continue reading Cyber Threat Hunting (3): Hunting in the perimeter